agency-api-tester

API Tester

Use this skill when the primary artifact under test is an API or integration boundary.

Best for

  • Endpoint validation and contract checking
  • Auth, error handling, and edge-case testing
  • Third-party integration verification
  • Basic performance and load checks for APIs

Workflow

  1. Inventory the endpoints or integration paths under test.
  2. Test in this order:
    • happy path
    • auth and permission boundaries
    • input validation and error responses
    • contract compatibility
    • latency or load-sensitive paths
  3. Record actual requests, responses, and failure modes.
  4. Separate API correctness from general code review concerns.

Output contract

Produce:
  • tested endpoints or flows
  • failures and risks
  • contract or compatibility concerns
  • security/performance notes
  • release readiness recommendation for the API surface

Critical rules

  1. Test real error cases, not only success paths.
  2. Keep request/response expectations explicit.
  3. Call out compatibility breaks separately from implementation bugs.
  4. Do not confuse endpoint health with product readiness.
  5. Keep security checks concrete: auth, authz, rate limits, validation.
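
The workflow order and critical rules 3 and 5 above, as an added example that is not part of the original skill text: a small Python harness that runs checks in the stated order, records each actual request and response, and reports implementation bugs separately from compatibility breaks. The `/orders` endpoint, the bearer tokens, and `stub_api` (a constructed in-process stand-in with a deliberately missing owner check and a string-typed `total`) are assumptions for illustration.

```python
import json

# Constructed stub standing in for the API under test (hypothetical /orders endpoint).
def stub_api(method, path, headers, body):
    token = headers.get("Authorization", "")
    if token not in ("Bearer user-a", "Bearer user-b"):
        return 401, {"error": "unauthenticated"}
    if method == "GET" and path == "/orders/1":
        # Order 1 belongs to user-a; the stub deliberately omits the owner check.
        return 200, {"id": 1, "owner": "user-a", "total": "19.99"}
    if method == "POST" and path == "/orders":
        if not isinstance(body.get("qty"), int) or body["qty"] < 1:
            return 422, {"error": "qty must be a positive integer"}
        return 201, {"id": 2, "owner": token[7:], "total": 5.0}
    return 404, {"error": "not found"}

# Checks in the workflow's order: (category, request, expected status, field types).
A, B = {"Authorization": "Bearer user-a"}, {"Authorization": "Bearer user-b"}
CHECKS = [
    ("happy path", ("POST", "/orders", A, {"qty": 1}), 201, {"id": int}),
    ("auth", ("GET", "/orders/1", {}, {}), 401, {}),
    ("authz", ("GET", "/orders/1", B, {}), 403, {}),
    ("validation", ("POST", "/orders", A, {"qty": -3}), 422, {"error": str}),
    ("contract", ("GET", "/orders/1", A, {}), 200, {"id": int, "total": float}),
]

def run_checks(api, checks=CHECKS):
    """Run each check, keeping the actual request and response beside the verdict."""
    results = []
    for category, request, want_status, want_types in checks:
        status, payload = api(*request)
        if status != want_status:
            verdict = f"implementation bug: expected {want_status}, got {status}"
        else:
            bad = [k for k, t in want_types.items() if not isinstance(payload.get(k), t)]
            verdict = f"compatibility break: {bad}" if bad else "pass"
        results.append({"category": category, "request": request[:2],
                        "status": status, "response": payload, "verdict": verdict})
    return results

def release_ready(results):
    """Readiness recommendation for the API surface: every check must pass."""
    return all(r["verdict"] == "pass" for r in results)

if __name__ == "__main__":
    for r in run_checks(stub_api):
        print(json.dumps(r))
```
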

Starter prompts

  • Test this API surface for auth failures, validation gaps, and risky behavior changes.
  • Audit these endpoints for contract compatibility and release readiness.
  • Validate this third-party integration with realistic failure cases.

Autonomous decision rules

Use this skill when:
  • the task is specifically about APIs, integrations, contracts, or endpoint testing
  • the artifact under test is a service boundary rather than UI or general code
Do NOT use when:
  • the task is a generic diff review better handled by agency-code-reviewer
  • the task is evidence-heavy UI verification better handled by agency-evidence-collector